Sunday, April 10, 2011

Reality check

I heard a number of people recently say that they wouldn’t store their data in data centres because it is more likely to be hacked and stolen. Ah, …say what…? Rather than get into the technicalities of cloud security let me draw an analogy here.

If you really wanted to you could stick all your money under you mattress at home. Does that make in immune from theft? Nope. Most people elect to trust their money to a bank. You’ll pay a fee for this but you gain a certain amount of increased security and convenience. Given that banks are holding the assets of many people they can spread the cost of improved security across all the customers as well as given them the convenience of accessing their money just about everywhere.

Does this mean you won’t maintain some money at home and in your wallet? Nope. It just means you don’t have to maintain all your savings with you all the time. Does this mean that a bank isn’t subject to theft? Certainly not. But generally you’d have to agree that it is less likely to be subject to theft even though it looks after a lots of people’s money.

Security is never perfect, security is journey not a destination, security is about human beings and human beings are far from perfect and finally it is about risk and return. Sure you could keep all your money under your mattress but is it really more secure? And what price do you pay in convenience over trusting it to a bank? Seems to me that most people see the rewards of being with a bank much greater than the risk. Banks are also commercial entities, which means they need to abide by legislation on how they deal with people’s money. They are also private enterprises whose reputation (and stock price) will suffer if theft occurs. These is just two powerful incentives for banks to ensure they keep people’s money secure.

So how is it that people seem to think their data is more secure if it is saved on a server in their office? Chances are that server is connected to the Internet full time. This makes it its own data centre. Why is it people believe their own little in house data centre is less subject to attack that a large commercial data centre? It really just doesn’t make any sense.

Of course there is the argument that if you money gets stolen while in a bank it will generally get refunded by the bank but what happens in the case of your information being stolen? Once your information has been stolen there is generally not a lot a way to ‘replace’ it. However, let’s look at the fact that people are happy to send emails full of that same information to people they have never met, unencrypted and unsecured across the public Internet without a moments thought. Even given this hugely insecure process it still remain wildly popular doesn’t it? Why? Because the convenience trumps the security issues. Risk and reward at work again.

There are certainly challenges with cloud computing including the storage and security of data. Yes by all means lets have a debate about the issue, but lets have a debate about the reality of the world we live in not some hysterical emotional response to a perception of the truth.